Numbers you have to know ... In 2016

Source: Risk Based Security Report

4,281,795,808

Records Breached

1 Tbps

Largest DDoS attack

$101 Billion

Spending in Cyber Security by 2020

$6

To buy access to hacked server

123456 / qwerty / 1q2w3e4r

Password of 17% computer users

$1 Billion

Paid to Ransomware

Ranking of HK (2013)

Ranking of HK (2014)

Ranking of HK (2015)

Global Threat

Ranking 225 23 17

Asia, Pacific and Japan

(APJ) Threat Ranking 58 8 7

Cyber Security Situation in HK

Source: Symantec’ Internet Security Threat Report

0

1,000

2,000

3,000

4,000

5,000

6,000

7,000

2010 2011 2012 2013 2014 2015 2016

Cyber Security Incident in HK

980

Source: HKCERT

810 1050

1593

3443

4928

6058

Cyber Security Situation in HK

Common types of Cyber Attack

DDoS / Botnet Malware (Ransomware)

Phishing Email / Website Defacement

Cyber Security Situation in HK

1. Public Free Wi-Fi

2. Ransomware

3. CEO Email Scam

4. Prevention Tips

Sharing Outline

Public Free Wi-Fi

Public Wi-Fi Network

Public Wi-Fi Network

Advice : - Turn off file sharing - Use a VPN

Ransomware

• CryptoLocker

• TorrentLocker

• TeslaCrypt

• Cryptowall

• CTB-Locker

• KeRanger

• Locky

• SamSam

• CryptXXX

• Cerber

Email Attachment

1. summary.exe, quotation.rar, invoice.zip, payment.js

2. summary.doc, quotation.xlsx, statement.ppt

Macros

Locky

.7z; .rar; .m4a; .wma; .avi; .wmv; .csv; .d3dbsp; .sc2save; .sie; .sum; .ibank; .t13; .t12; .qdf; .gdb; .tax; .pkpass; .bc6; .bc7; .bkp; .qic; .bkf; .sidn; .sidd; .mddata; .itl; .itdb; .icxs; .hvpl; .hplg; .hkdb; .mdbackup; .syncdb; .gho; .cas; .svg; .map; .wmo; .itm; .sb; .fos; .mcgame; .vdf; .ztmp; .sis; .sid; .ncf; .menu; .layout; .dmp; .blob; .esm; .001; .vtf; .dazip; .fpk; .mlx; .kf; .iwd; .vpk; .tor; .psk; .rim; .w3x; .fsh; .ntl; .arch00; .lvl; .snx; .cfr; .ff; .vpp_pc; .lrf; .m2; .mcmeta; .vfs0; .mpqge; .kdb; .db0; .DayZProfile; .rofl; .hkx; .bar; .upk; .das; .iwi; .litemod; .asset; .forge; .ltx; .bsa; .apk; .re4; .sav; .lbf; .slm; .bik; .epk; .rgss3a; .pak; .big; .unity3d; .wotreplay; .xxx; .desc; .py; .m3u; .flv; .js; .css; .rb; .png; .jpeg; .txt; .p7c; .p7b; .p12; .pfx; .pem; .crt; .cer; .der; .x3f; .srw; .pef; .ptx; .r3d; .rw2; .rwl; .raw; .raf; .orf; .nrw; .mrwref; .mef; .erf; .kdc; .dcr; .cr2; .crw; .bay; .sr2; .srf; .arw; .3fr; .dng; .jpeg; .jpg; .cdr; .indd; .ai; .eps; .pdf; .pdd; .psd; .dbfv; .mdf; .wb2; .rtf; .wpd; .dxg; .xf; .dwg; .pst; .accdb; .mdb; .pptm; .pptx; .ppt; .xlk; .xlsb; .xlsm; .xlsx; .xls; .wps; .docm; .docx; .doc; .odb; .odc; .odm; .odp; .ods; .odt

Source : www.virusresearch.org

Locky Delete the Shadow Copy and Restore Point

Infect other device within the network

Unplug the power

Detach all external storage device from the infected terminal

Detach the infected terminal from the network

Mitigation

Source : http://ransomwaretracker.abuse.ch/

CEO Email Scam

Email Scam

2014

2015

2016

No. of Case 1236 994 883

Amount of Loss

991M 1376M 1783M

Personal

16

1M

Corporate

867

1782M

Email Scam (Corporate)

That email from your CEO could be a scam…..

Email Scam (Corporate)

Send from CEO

email address

Staff

CEO

How Begins

Phishing Executive

Email to employee with look-alike domain

e.g. leader.com / Ieader.com

Prevention Tips

Multi-Layered Security

End User

Admin Server

IPS

Firewall

Cloud Security

Parisa Tabriz Security Princess of Google

Source: Unwire.pro

Best Practice 3-2-1

Backup Policy

Management Solution

Data Access Control

Device Management

Application Management

Incident Response Mechanism

Ultimate Tips

Keep Applications and OS update

Keep Applications and OS update

Keep Applications and OS

update